
Towards a Dependability Case for the Chaum Voting Scheme



Presentation Transcript


  1. Towards a Dependability Case for the Chaum Voting Scheme
     Peter Y A Ryan, University of Newcastle
     With Jeremy Bryans, Bev Littlewood, Lorenzo Strigini, Peter Ayton, …
     P Y A Ryan, Dependability of the Chaum Scheme

  2. Background
     • Security strand of the DIRC project: Dependability Interdisciplinary Research Collaboration (dirc.org.uk).
     • Design and evaluation of computer-based systems for dependability.
     • Socio-technical approach.
     • E-voting, and the Chaum scheme in particular, is a nice example of such a system with secrecy and integrity requirements.
     • A full dependability case will need to encompass the surrounding socio-technical system and detail the assumptions etc.

  3. Design Philosophy
     • Many e-voting schemes call for heavy trust in the technical components, with little or no monitoring.
     • The Chaum scheme by contrast shifts the dependence away from the technical components to the vigilance of the users: voters, officials, auditors etc.
     • The probability of undetected corruption of votes is negligible.
     • Dependability by the people for the people.

  4. Socio-technical aspects
     • Consequently, the surrounding system, procedures and behaviour of humans are critical.
     • Error handling and recovery strategies need to be carefully designed and evaluated.
     • Hence, need to examine the socio-technical failure modes and counter-measures.
     • Errors need to be diagnosed and thresholds for triggering the recovery strategies established.
     • Careful trade-off needed between:
        • aborting elections too easily;
        • allowing the possibility of significant, undetected corruption.

  5. Chaum
     • Key ingredient: provide an encrypted ballot receipt that allows the voter to check that their vote is included in the tally whilst not revealing the vote.
     • The challenge is to provide high assurance that the ballot will be decrypted correctly.
     • Uses a cut-and-choose protocol plus a robust anonymising mix.
     • Shows that, up to certain probabilistic and computational limits, voter-verifiability and ballot secrecy can be simultaneously achieved.

  6. Chaum in a nutshell
     • Vote encoded in two parts, each separately (pseudo-)random noise.
     • Voter gets a choice between the components and gets to run well-formedness checks on the retained part.
     • Booth passes a copy of the receipt along with nested decryption information (“Russian dolls”) to a series of tellers.
     • Tellers perform an anonymising mix on the batch of receipts, stripping off layers of encryption at each stage.
     • Random audits performed on the tellers.
     • In principle: if all checks are performed assiduously, the chance of p votes being corrupted undetected falls off as (1/2)^p.

  7. Anne casts a vote
     • Anne registers and logs on in the booth.
     • Anne makes her voting choice.
     • Anne’s choice is represented by matching symbols on two layers/strips.
     • If Anne now confirms the choice, the booth prints the encrypted “Russian dolls”.
     • Assuming that these cryptographic commitments match, Anne signals “okay” and is now invited to choose to retain either the upper or lower strip.
     • “To retain” and the appropriate seed information is now printed on the chosen part; “To destroy” on the rejected strip.
     • She leaves the booth, surrenders the rejected strip, witnesses its destruction and runs a well-formedness check on the retained part.
     • Finally she should check that her ballot is correctly posted on the web.

  8. Socio-technical vulnerabilities
     • Booth prints incorrect vote and voter fails to notice.
     • Voter choice between layers/strips is highly predictable or coercible.
     • Small proportion of voters perform the checks.
     • Voters tend to fail to notify erroneous checks.
     • Notifications are not properly diagnosed, collated and/or acted upon.
     • Voter may flag false errors. Note: this is not verifiable by a 3rd party.

  9. “Are you sure that you want to destroy the lower layer?”
     • It is essential that the booth not be able to predict or coerce the voter’s choice of layer/strip.
     • But ~80% of people asked to “randomly” choose heads or tails choose heads.
     • Correlation with the second choice is also high.
     • What proportion of voters would notice if the booth “lied” about their choice?
     • Should a second try be allowed if the voter flags an error? Or even a third? Might be voter error.
     • Putting all these together could result in a highly predictable or coercible choice and so weaken the scheme.
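The figures on slides 6, 8 and 9 fit together in a small model: the (1/2)^p fall-off holds only when the booth cannot guess which layer a voter will retain and every voter both checks and reports. The following Python is an added example written for this page, not code from the DIRC project or from the Chaum scheme's authors. It assumes a corrupt booth must place the flaw in one of the two layers and hides it in the layer it expects to be destroyed; the parameters predict (probability that guess is right), check (fraction of voters who run the well-formedness check) and report (fraction of failed checks actually notified) are modelling assumptions, with 0.8 for predict mirroring the heads/tails bias quoted above.

```python
"""Detection model for cut-and-choose ballot checking (added example, not from the slides).

Model assumptions (ours, not the scheme's specification):
  * A corrupt booth that alters a vote must put the flaw in one of the two
    layers; it hides the flaw in the layer it predicts the voter will destroy.
  * `predict` is the probability that prediction is right (0.5 = truly
    random choice; 0.8 mirrors the heads/tails bias quoted on slide 9).
  * `check`  is the fraction of voters who run the well-formedness check.
  * `report` is the fraction of failed checks that are actually notified.
"""
import math
import random


def per_ballot_undetected(predict=0.5, check=1.0, report=1.0):
    """P(one corrupted ballot slips through).

    The corruption is caught only if the voter keeps the flawed layer
    (probability 1 - predict), checks it, and reports the failure.
    """
    return 1.0 - (1.0 - predict) * check * report


def prob_undetected(p, predict=0.5, check=1.0, report=1.0):
    """P(all p corrupted ballots slip through); ballots are independent.

    With predict=0.5, check=1, report=1 this is exactly (1/2)**p, the
    figure quoted on slide 6.
    """
    return per_ballot_undetected(predict, check, report) ** p


def ballots_for_detection(target, predict=0.5, check=1.0, report=1.0):
    """Smallest number of corrupted ballots p at which P(detected) >= target.

    Returns None when detection is impossible (nobody checks, or the booth
    predicts every choice). This is the scale of corruption that stays
    'under the radar', i.e. the level an alert threshold must be set below.
    """
    u = per_ballot_undetected(predict, check, report)
    if u >= 1.0:
        return None
    if u <= 0.0:
        return 1
    return math.ceil(math.log(1.0 - target) / math.log(u))


def simulate_undetected(p, predict=0.5, check=1.0, report=1.0,
                        trials=20000, seed=1):
    """Monte Carlo cross-check of prob_undetected using a seeded RNG."""
    rng = random.Random(seed)
    undetected = 0
    for _ in range(trials):
        caught = False
        for _ in range(p):
            kept_clean_layer = rng.random() < predict   # booth guessed right
            if (not kept_clean_layer
                    and rng.random() < check
                    and rng.random() < report):
                caught = True
                break
        if not caught:
            undetected += 1
    return undetected / trials


if __name__ == "__main__":
    scenarios = [
        ("ideal: random choice, everyone checks", 0.5, 1.0, 1.0),
        ("80% predictable choice, everyone checks", 0.8, 1.0, 1.0),
        ("random choice, 20% check", 0.5, 0.2, 1.0),
        ("80% predictable, 20% check, half report", 0.8, 0.2, 0.5),
    ]
    print(f"{'scenario':45} P(undetected, p=10)  p for 99% detection")
    for name, q, c, r in scenarios:
        print(f"{name:45} {prob_undetected(10, q, c, r):19.4f}  "
              f"{ballots_for_detection(0.99, q, c, r)}")
    # sanity check of the closed form against simulation
    print("sim (p=3, ideal):", simulate_undetected(3), "vs", prob_undetected(3))
```

In the ideal case seven corrupted ballots are enough to give a 99% chance that at least one is caught; with an 80% predictable layer choice and one voter in five checking, the same confidence needs over a hundred corrupted ballots, which is the scale at which the error-diagnosis thresholds of slides 4 and 11 would have to operate.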

  10. Counter-measures
     • Aid the voter’s randomness, e.g., a coin in a perspex cylinder.
     • Use a different, e.g. mechanical, technique to mark the layer or strip for destruction.
     • Perform well-formedness checks (tricky without compromising vote secrecy) immediately after the first error report by a voter, to help detect a corrupt booth.
     • Establish suitable error diagnosis and recovery strategies.

  11. Teller errors
     • Similarly need to define error-handling and recovery strategies for the teller audits.
     • E.g., set thresholds for alerts; need to counter under-the-radar collusion attacks by tellers.

  12. Public Trust
     • Not enough for the system to be dependable; it must also be seen to be dependable.
     • The scheme is complex and difficult to understand.
     • To what extent could “the average voter” understand the scheme and believe the claims?
     • To what extent would assurances of experts suffice?
     • How easy would it be to undermine public confidence (e.g., “Andrey’s attack”)?

  13. Trials
     • Plan to perform a number of trials at DIRC sites.
     • Possible questions to address:
        • Do people understand the procedures and checks okay?
        • Do they understand the encoding of the vote (especially if we use the Prêt à Voter version)?
        • How diligent are they in performing the various checks and reporting problems?
        • Do they understand what they are supposed to do when an error occurs (e.g., a check fails)?
        • How easily can they be fooled or coerced about their choice of layer/strip?
        • To what extent do they understand the rationale behind the checks?
        • To what extent do they need to understand the rationale in order to perform the checks with reasonable diligence?
        • To what extent would they trust the scheme (as compared to pen and paper, DRE etc.) for accuracy and for privacy?
        • Do they regard the voter verification as a valuable feature?

  14. Conclusions
     • The Chaum scheme minimises dependence on technical components.
     • For the accuracy requirement, no trust (dependence) needs to be placed in the components.
     • The checks mean that an election can be verified, as opposed to the election system.
     • Technical (mathematical) core appears robust.
     • The surrounding socio-technical mechanisms (error handling, recovery strategies, thresholds, …) need to be carefully designed and evaluated.
     • Public understanding and trust are likely to be an obstacle to uptake.

  15. Future work
     • Formal analysis of the scheme (and variants).
     • Construct full risk analysis/dependability case:
        • Elucidation of the goals and requirements: technical, social, political, legal, economic, …
        • Investigate social threats.
        • Specify and evaluate error handling and recovery strategies.
        • Conduct full risk analysis.
     • To what extent is fairness and absence of bias achieved?
     • Investigate how public trust could be established, maintained (or undermined).
     • Investigate mental models.
     • Conduct trials.

  16. Further information
     • www.dirc.org.uk
     • Various Newcastle tech reports:
        • CS-TR-809 (gives full details of the original scheme)
        • “A simplified version of the Chaum e-voting scheme” (presents a pedagogic, simplified version)
     • FAST 2003
     • E-voting Workshop at DSN, Florence, end June 2004.
